PollCat NetLink-VIP & PollCat NLJ-VIP - User’s Guide
Example 2: After Hours Long Distance Calls.
This clue counts long distance calls placed after 6:00 pm and before 7:00
am. This type of call could indicate that a hacker has obtained an access
code for an outside line and is using the line to dial long distance numbers
after work hours.
For this example, assume the Alarm Filter Format is deﬁned as shown
in Figure 9.8. Note that the ﬁrst three lines in Figure 9.8 are sample call
records, and the fourth line is the Alarm Filter Format. The variables B, C,
and E are not used for this clue.
A is the time the call was received or placed.
D is the ﬁrst seven digits of the number dialed.
Match Parameters for this Alarm Clue would be deﬁned as follows:
Counts calls placed after 18:00 or before 07:00.
* is the logical AND operator.
D=1------ Counts calls where the ﬁrst digit of the number dialed is
"1". Note that the remaining 6 digits are entered as wild
card characters (-).
|19:18|067|R.JONES |OUT|12145551234 |25:36|04.75|
|19:20|092|J.SMITH |OUT|18008547226 |01:07|00.00|
|21:21|002|R.JONES |OUT|12135551212 |30:15|05.75|
Figure 9.8: Alarm Filter Format; Match Parameters Example 2